cert-manager

Cert-manager is a native Kubernetes certificate management controller leveraging the ACME protocol. It adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates. It will ensure certificates are valid and up-to-date and attempt to renew certificates at a configured time before expiry. For more information about cert-manager, see:

https://cert-manager.io/docs/getting-started/

This section will describe the steps to setup cert-manager to issue certificates with Keyfactor ACME server.

Prerequisites

The following are assumed to be installed and configured:

Kubernetes cluster (see https://kubernetes.io/docs/tasks/tools/)
cert-manager (see https://cert-manager.io/docs/installation/kubectl/)

Overview of using cert-manager with Keyfactor ACME

To use cert-manager to enroll for a certificate through Keyfactor ACME, you will deploy resources to a Kubernetes cluster using YAML files with the following steps:

Create EAB Secret for the issuer (see Create the EAB Secret for the Issuer).
Create a CluterIssuer resource to describe the Keyfactor ACME server which will be the cert issuer for the cluster (see Create the ClusterIssuer Resource).
Create certificate resources that use the issuer to enroll/get certificates (see Enroll for a Certificate).

Version v25.1

On this page: